As part of the series for ESXi 6.5 this post should give you an idea of how to handle a ESXi image build in detail. No long introduction. Let’s start:
Preparation
- Get you the latest ESXi 6.5 offline bundle available from
VMware Patch Repository (MyVMware Login required) - Get the required drivers and agents from HPEFirst check the recipe for the right firmware and driver combinations. This maybe requires you to update firmware on your boxes.
HPE ProLiant server and option firmware and driver support recipe
Download the required drivers for the latest folder container esxi-650-* hierachie
http://vibsdepot.hpe.com/hpe/nov2016/
(alternatively you could connect this online, but have to build the image without a proper internet connection)
The “esxi-650-devicedrivers” folder contains the right offline bundles for the drivers. Pick the ones you need for your hardware. If you have no idea how to find our what driver is required, please play around a little bit with the “esxcfg-*” commands on the ESXi Shell. List your network and storage adapters on an existing ESXi, best installed with vendor image, and note down the drivers are used.
The “esxi-650-bundles” contains all additional agents and tooling. Just download the hpe-esxi6.5uX-bundle-* file as this does contain thehpe-smx-provider
CIM provider integration you need for proper hardware monitoring.Some of the drivers are double zipped. Just extract the first layer so you have the offline bundle. The second zip file should not contain any further *.zip file, but *.vib or a vib20 folder. - Setup a PowerCLI 6.5 environment on a compatible Windows machine
Build
- Load the VMware ESXi vanilla image
Add-EsxSoftwareDepot .\ESXi650-201703002.zip
- Clone it for further modification
PS> Get-EsxImageProfile | Select Name Name ---- ESXi-6.5.0-20170304101-standard ESXi-6.5.0-20170304101-no-tools
Select the standard image. For other patch offline depots you might see for Image Profiles. Pick the standard one without “s” behind the number.New-EsxImageProfile -CloneProfile ESXi-6.5.0-20170304101-standard -Name "ESXi-650-custom-hpe-hardened" -Vendor "schoen computing"
The Acceptance Level gets automatically inherited from the source image. You don’t need to explicitly specify the parameter. - Remove packages
Remove-EsxSoftwarePackage -ImageProfile ESXi-650-custom-hpe-hardened -SoftwarePackage xhci-xhci
I removed these packages for my use case:sata-ata-piix net-usbnet sata-sata-sil lsi-msgpt2 scsi-megaraid2 scsi-mptspi ata-pata-hpt3x2n shim-libata-9-2-1-0 net-forcedeth scsi-mpt2sas ata-pata-pdc2027x scsi-megaraid-mbox lsu-hp-hpsa-plugin ata-pata-cmd64x ata-pata-serverworks lsu-lsi-mpt2sas-plugin ata-pata-atiixp shim-iscsi-linux-9-2-2-0 mtip32xx-native scsi-adp94xx nmlx4-en lsu-lsi-lsi-msgpt3-plugin misc-cnic-register scsi-bnx2i net-bnx2x net-fcoe scsi-aacraid scsi-qla4xxx scsi-megaraid-sas ata-pata-sil680 scsi-iscsi-linux-92 scsi-aic79xx net-nx-nic shim-libfc-9-2-1-0 net-bnx2 ata-pata-via lsu-lsi-megaraid-sas-plugin i40en net-cnic net-vmxnet3 emulex-esx-elxnetcli shim-libfc-9-2-2-0 nvme scsi-ips qfle3 net-enic scsi-bnx2fc net-mlx4-en shim-libfcoe-9-2-2-0 nvmxnet3 sata-sata-nv vmware-esx-esxcli-nvme-plugin lsu-lsi-lsi-mr3-plugin net-cdc-ether usb-storage-usb-storage sata-sata-promise scsi-mptsas scsi-hpsa nmlx4-rdma ata-pata-amd pvscsi net-mlx4-core shim-libfcoe-9-2-1-0 lsi-mr3 nhpsa shim-vmklinux-9-2-1-0 block-cciss scsi-fnic lsi-msgpt3 nmlx4-core qlnativefc shim-libata-9-2-2-0 lpfc nmlx5-core sata-sata-svw ima-qla4xxx nenic elxnet qedentv sata-sata-sil24 shim-iscsi-linux-9-2-1-0
This list does also contain drivers now get removed, but later added from the HPE depot in a newer version.
Attention: Not all packages can be removed in the listed order as there dependencies between them. If the CLI does not allow you to remove a package as it is a required for another package, just remove the other first and try again. - Export the stripped image
Export-EsxImageProfile -ImageProfile ESXi-650-custom-hpe-hardened -ExportToBundle -FilePath .\ESXi-650-custom-hpe-hardened.zip
This image now does contain only the left packages. I prefer now to close the PowerCLI session and load the exported image in a new session like in step 1. - Add HPE offline depots
Add-EsxSoftwareDepot .\<hpe driver/bundle>.zip
Add all downloaded and extracted zips in the way above. - Add the HPE packages to the image
Add-EsxSoftwarePackage -ImageProfile ESXi-650-custom-hpe-hardened -SoftwarePackage <package name>
The package names can be get from the offline depot zip files. These contain a folder for each package name invib20
folder. For my use case these packages were added:net-bnx2x hpe-esxi-fc-enablement net-bnx2 misc-cnic-register qfle3 scsi-mpt2sas lpfc hpe-smx-provider net-cnic nhpsa scsi-bnx2fc
- Export the finale image
Export-EsxImageProfile -ImageProfile ESXi-650-custom-hpe-hardened -ExportToBundle -FilePath .\ESXi-650-custom-hpe-hardened.zip Export-EsxImageProfile -ImageProfile ESXi-650-custom-hpe-hardened -ExportToIso -FilePath .\ESXi-650-custom-hpe-hardened.iso
Keep the ZIP store anywhere as you can use it for updating and extending the image.